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DETAILED ACTION 



Priority 

Acknowledgment is made of applicant's claim for foreign priority based on an 
application filed in Japan on 03/31/2003. It is noted, however, that applicant has not 
filed a certified copy of the 2003-093140 application as required by 35 U.S.C. 119(b). 



Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or 
in public use or on sale in this country, more than one year prior to the date of application for 
patent in the United States. 

2. Claim 1 is rejected under 35 U.S.C. 102(b) as being anticipated bv Imai et al. 

(U.S. Patent No. 5,870,467). 

As to claim 1, Imai et al. discloses an IO-requesting method of issuing an IO 
request (column 8 lines 15-35, Fig. 1 element 11) to a storage apparatus (column 8 line 
64 thru column 9 line 7) of a computer system by execution of a program in said 
computer system (column 8 lines 15-35), wherein a program identifier set in advance 
(column 9 lines 8-21) in said program and a request address are applied to a first 
function for inputting two values to generate one value used as a new address with said 
program identifier appended thereto, and said IO request is issued by using said new 
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address (column 4 lines 35-60, column 5 lines 16-47, column 26 lines 18-45, Fig. 1 
element 11). 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

4. Claims 2-6 are rejected under 35 U.S.C. 103(a) as being unpatentable over Imai 
et al. (U.S. Patent No. 5,870,467) in view of Umebavashi et al. (U.S. Patent Application 
Publication No. US 2004/0010707 A1). 

As to claim 2, Imai et al. discloses a computer executing a first program issuing 
an IO request to a storage apparatus and a second program for collecting said IO 
request and transmitting said IO request as an IO command to said storage apparatus 
(column 6 lines 12-52) wherein: 

a program identifier set in advance in said first program (column 9 lines 8-23, Fig. 
1 element 11) and a request address are applied to a first function for inputting two 
values, that is, said program identifier and said request address, to generate one value 
used as a new address with said program identifier appended thereto, and said IO 
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request is issued by using said new address (column 4 lines 35-60, column 5 lines 16- 
47, column 26 lines 18-45, Fig. 1); 

if said IO request is an IO request issued to a logical volume existing in said 
storage apparatus as a logical volume prescribed to be a protected logical volume, a 
second function for carrying out an operation to input one value for generation of two 
output values as an operation inverse to that of said first function generates an original 
request address and a program identifier, that is, said two output values, from said one 
input value, that is an address specified in said IO request as said new address; 
(column 4 lines 35-60, column 5 lines 16-47, column 26 lines 18-45, Fig. 1) 

said second program has a table associating a program identifier, a logical 
volume existing in said storage apparatus and a network address with each other 
(column 6 lines 12-34). 

Imai et al. does not disclose wherein said table is searched for a network address 
associated with said generated program identifier and a logical volume indicated by said 
generated original request address and a communication with said storage apparatus is 
carried out by using said network address as an address of a transmission originator in 
order to issue an IO command to said original request address. 

Umebavashi et al. discloses wherein said table is searched for a network 
address associated with said generated program identifier and a logical volume 
indicated by said generated original request address and a communication with said 
storage apparatus is carried out by using said network address as an address of a 
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transmission originator in order to issue an IO command to said original request 
address (paragraphs 41-43, Fig. 1). 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Imai et al. to include wherein said 
table is searched for a network address associated with said generated program 
identifier and a logical volume indicated by said generated original request address and 
a communication with said storage apparatus is carried out by using said network 
address as an address of a transmission originator in order to issue an IO command to 
said original request address (paragraphs 41-43, Fig. 1). 

It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Imai et al. by the teaching of Umebavashi et 
al. because including said table is searched for a network address associated with said 
generated program identifier and a logical volume indicated by said generated original 
request address and a communication with said storage apparatus is carried out by 
using said network address as an address of a transmission originator in order to issue 
an IO command to said original request address (paragraphs 41-43, Fig. 1) would 
prevent a possibility for a malicious system manager to rewrite the access rights for 
writing data, or to utilize the writing data improperly under by reading and writing under 
the right given to the system manager (column 2 lines 47-52 of Imai et al.). 

As to claim 3, Imai et al. discloses a computer system comprising one or more 
computers and one or more storage apparatus connected to said computers by a 
network apparatus (column 8 lines 45-65, Fig. 1) wherein: 
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in each of said computers: 

a first program issuing an IO request (column 9 lines 8-23, Fig. 1 element 11) 
to a storage apparatus and a second program for collecting said IO request (Fig. 1 
element 10) and transmitting said IO request as an IO command to said storage 
apparatus are executed (column 8 lines 45-65, Fig. 1); 

a program identifier set in advance in said first program (column 9 lines 8-23, 
Fig. 1 element 11) and a request address are applied to a first function for inputting two 
values, that is, said program identifier and said request address, to generate one value 
used as a new address with said program identifier appended thereto, and said IO 
request is issued by using said new address (column 4 lines 36-60, column 5 lines 16- 
46, column 26 lines 18-45, Fig. 1); 

said second program has a table associating a program identifier, a logical 
volume existing in said storage apparatus and a network address with each other 
(column 6 lines 12-34); and 

if said IO request is an IO request issued to a logical volume existing in said 
storage apparatus as a logical volume prescribed to be a protected logical volume, a 
second function for carrying out an operation to input one value for generation of two 
output values as an operation inverse to that of said first function generates an original 
request address and a program identifier, that is, said two output values, from said one 
input value, that is an address specified in said IO request as said new address (column 
4 lines 35-60, column 5 lines 16-47, column 26 lines 18-45, Fig. 1), and 
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on the basis of said network address used as an address of a transmission 
originator, said network apparatus determines whether or not a communication with said 
storage apparatus can be carried out (column 5 lines 16-47, Fig. 2 steps S24 and S27). 

Imai et al. does not disclose wherein said table is searched for a network address 
associated with said generated program identifier and a logical volume indicated by said 
generated original request address and a communication with said storage apparatus is 
carried out by using said network address as an address of a transmission originator in 
order to issue an IO command to said original request address. 

Umebavashi et al. discloses wherein said table is searched for a network 
address associated with said generated program identifier and a logical volume 
indicated by said generated original request address and a communication with said 
storage apparatus is carried out by using said network address as an address of a 
transmission originator in order to issue an IO command to said original request 
address (paragraphs 41-43, Fig. 1). 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Imai et al. to include wherein said 
table is searched for a network address associated with said generated program 
identifier and a logical volume indicated by said generated original request address and 
a communication with said storage apparatus is carried out by using said network 
address as an address of a transmission originator in order to issue an IO command to 
said original request address (paragraphs 41-43, Fig. 1). 
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It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Imai et al. by the teaching of Umebavashi et 
aL because including said table is searched for a network address associated with said 
generated program identifier and a logical volume indicated by said generated original 
request address and a communication with said storage apparatus is carried out by 
using said network address as an address of a transmission originator in order to issue 
an IO command to said original request address (paragraphs 41-43, Fig. 1) would 
prevent a possibility for a malicious system manager to rewrite the access rights for 
writing data, or to utilize the writing data improperly under by reading and writing under 
the right given to the system manager (column 2 lines 47-52 of Imai et al.). 

As to claim 4, Imai et al. discloses wherein, in place of said network apparatus, 
said storage apparatus determines whether or not an access to a logical volume 
existing in said storage apparatus can be made (column 6 lines 12-34). 

As to claim 5, Imai et al. discloses an access control method adopted for a 
storage apparatus said method comprises the steps of: 

recognizing a received IO command as an IO command issued to a logical 
volume existing in said storage apparatus as a logical volume prescribed to be a logical 
volume protected from a received IO command (column 6 lines 12-34, column 8 lines 
15-34, column 9 lines 8-23, Fig. 2 steps S24 and S27); 

using a second function for inputting one value to generate two output values as 
a function for obtaining a second address and a program identifier, that is, said two 
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output values, from said one value, that is a first address specified in said IO command 
(column 5 lines 15-59); 

determining whether or not an access to said logical volume can be made on the 
basis of said program identifier and an association table (column 8 line 45 thru column 9 
line 23); and 

replacing said first address specified in said IO command with said second 
address and processing said IO command in case an access by using said IO 
command is determined to be an access that can be made (column 8 line 45 thru 
column 9 line 23, column 10 lines 10-50). 

Imai et al. does not disclose wherein said association table is provided as a table 
for associating a logical-volume identifier with a program identifier for identifying a 
program allowed to make an access to a logical volume identified by said logical-volume 
identifier. 

Umebavashi et al. discloses wherein said association table is provided as a table 
for associating a logical-volume identifier with a program identifier for identifying a 
program allowed to make an access to a logical volume identified by said logical-volume 
identifier (paragraphs 41-43, Fig. 1). 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Imai et al. to include wherein said 
association table is provided as a table for associating a logical-volume identifier with a 
program identifier for identifying a program allowed to make an access to a logical 
volume identified by said logical-volume identifier. 
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It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Imai et al. by the teaching of Umebavashi et 
aL because including said association table is provided as a table for associating a 
logical-volume identifier with a program identifier for identifying a program allowed to 
make an access to a logical volume identified by said logical-volume identifier would 
prevent a possibility for a malicious system manager to rewrite the access rights for 
writing data, or to utilize the writing data improperly under by reading and writing under 
the right given to the system manager (column 2 lines 47-52 of Imai et al.). 

As to claim 6, Imai et al. discloses an access control method adopted for a 
storage apparatus said method comprises the steps of: 

recognizing a received IO command as an IO command included in a packet 
transmitted through a network as an IO command issued to a logical volume existing in 
said storage apparatus as a logical volume prescribed to be a logical volume protected 
from a received IO command (column 5 lines 15-59, column 8 line 45 thru column 9 line 
23); 

using a second function for inputting one value to generate two outputs as a 
function for obtaining a second address and a program identifier, that is, said two output 
values, from said one value, that is, a first address specified in said IO command 
(column 5 lines 15-59); 

determining whether or not said pocket can be transferred to said storage 
apparatus on the basis of said program identifier and an association table (column 8 line 
45 thru column 9 line 23); and 
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replacing said first address specified in said IO command with said second 
address and transmitting said packet in case an access by using said IO command is 
determined to be an access that can be made (column 8 line 45 thru column 9 line 23, 
column 10 lines 10-50). 

Imai et al. does not disclose wherein said association table is provided as a table 
for associating a storage-apparatus identifier for identifying said storage apparatus, a 
logical-volume identifier for identifying a logical volume existing in said storage 
apparatus and a program identifier for identifying a program allowed to make an access 
to said logical volume identified by said logical-volume identifier with each other***. 

Umebayashi et al. discloses wherein said association table is provided as a table 
for associating a storage-apparatus identifier for identifying said storage apparatus, a 
logical-volume identifier for identifying a logical volume existing in said storage 
apparatus and a program identifier for identifying a program allowed to make an access 
to said logical volume identified by said logical-volume identifier with each other 
(paragraphs 41-43, Fig. 1). 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to have modified Imai et al. to include wherein said 
association table is provided as a table for associating a storage-apparatus identifier for 
identifying said storage apparatus, a logical-volume identifier for identifying a logical 
volume existing in said storage apparatus and a program identifier for identifying a 
program allowed to make an access to said logical volume identified by said logical- 
volume identifier with each other. 
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It would have been obvious to a person having ordinary skill in the art at the time 
the invention was made to have modified Imai et al. by the teaching of Umebavashi et 
aL because including said association table is provided as a table for associating a 
storage-apparatus identifier for identifying said storage apparatus, a logical-volume 
identifier for identifying a logical volume existing in said storage apparatus and a 
program identifier for identifying a program allowed to make an access to said logical 
volume identified by said logical-volume identifier with each other would prevent a 
possibility for a malicious system manager to rewrite the access rights for writing data, 
or to utilize the writing data improperly under by reading and writing under the right 
given to the system manager (column 2 lines 47-52 of Imai et al.). 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. The following documents have been made of record of to further 
show the input/output management suitable for protection of electronic writing data. 

1) Baum et al. U.S. Patent No. 5,023,773 A 

2) Ankney etal. U.S. Patent No. 5,113,499 A 

3) Grube et al. U.S. Patent No. 5,602,916 A 

4) Pearce, John J. U.S. Patent No. 5,657,445 A 

5) Wu et al. U.S. Patent No. 5,848,279 A 

6) Golding, Richard A. U.S. Patent No. 6,292,876 B1 
6) Scheussler et al. U.S. Patent No. 6,366,950 B1 
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8) Pujareetal. U.S. Patent Application Publication No. 2002/0083183 A1 

9) Wohlgemuth et al. U.S. Patent Application Publication No. 2002/0087883 A1 

10) Lee, Michele C. U.S. Patent Application Publication No. 2002/0147746 A1 

11) Gabor et al. U.S. Patent Application Publication No. 2004/0117657 A1 
Any inquiry concerning this communication or earlier communications from the 

examiner should be directed to Robert Borkowski whose telephone number is 571-272- 
8626. The examiner can normally be reached on Monday - Friday 8:30AM-5:00PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, HUYNH KIM NGOC can be reached on 571-272-4147. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



Robert Borkowski 
AU2181 

January 26, 2006 




